FinCEN Issues Report on AML Practices

Over the past two years, the Financial Crimes Enforcement Network (FinCEN) has been talking with large institutions about how they're performing anti-money laundering programs and complying with the Bank Secrecy Act (BSA).

On Tuesday, FinCEN Director James Freis released the findings in a report, "Financial Institutions Outreach Initiative." The report shows common findings of BSA practices and procedures in those big institutions.

"The Financial Institutions Outreach Initiative contributes to FinCEN's broader understanding of financial industry practices in applying the BSA and provides new insights into what information institutions need to more effectively implement their anti-money laundering programs," says Freis. "As a result of this dialogue, law enforcement investigators and regulators will receive increasingly better information to act against financial crime and illicit activities." Freis made his comments at the American Bankers Association AML-BSA conference.

Key findings in report include:

Many larger depository institutions have internal account closure policies in place relating to suspicious activity report (SAR) filings; however, the policies differ among the various banks.

The money laundering-related SAR process is managed within a bank's anti-money laundering (AML) or BSA compliance group, while the fraud-related SAR process is typically handled by other business lines within the bank, including corporate security, fraud prevention, loan risk and recovery, consumer lending operations, and credit card operations.

While banks indicate that automated transaction monitoring systems to generate "alerts" for further investigation provide added value to their efforts to identify suspicious activity, every bank indicates that they believe their best source of information on possible suspicious activity comes from referrals by front-line bank personnel.

The vast majority of large depository institutions have established stand-alone financial intelligence units (FIUs) to perform internal analysis of unusual transactions and to support their efforts to comply with reporting requirements under the BSA.

FinCEN also details a number of steps it has taken to provide greater clarity in guidance in response to questions raised by depository institutions.

Beginning in early 2008, Freis says FinCEN set out to better educate large institutions of its regulatory rulemaking and guidance responsibilities. In 2009, FinCEN conducted similar outreach to some of the nation's largest money services businesses, and it has just announced a new outreach initiative with smaller depository institutions.

About the Author

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;